These days many development teams have moved to DevOps or are moving in that direction. But how do you implement traditional security controls in this new DevSecOps world? A Note on Terminology: What is DevOps? DevOps refers to the integration of software Development...

Recently I had the interesting experience… chatting with a handful of potential Virtual Chief Information Security Officer (vCISO) clients over the last few weeks, each expressed they wanted to replace their current vCISO providers. Whenever we are asked to replace...

A few months ago, I blogged about eye-opening findings from a cyber loss control project I’ve been working on, which involves risk assessments of over 100 New Jersey municipal governments. Now largely completed, this work underscores why so many municipal governments...

On July 10, Connecticut Governor Dannel Mallow officially announced the release of the Connecticut Cybersecurity Strategy. The most far-reaching of its kind put forth at the state level, this strategy document outlines how the state expects both public and private...

Prior to joining Pivot Point, I worked for a couple of large financial institutions that employed over 200,000 people. Now working with SMB cyber security clients as well as bigger companies, I see firsthand how fundamentally similar the process for implementing cyber...